Five alleged crypto scammers were indicted yesterday in Paris for an audacious phishing scam, according to a release from the Agence France-Presse (via BFM Crypto). Altogether, the scammers are charged with stealing and reselling blue chip NFTs totaling $2.5 million from at least five victims.
Two are charged with manufacturing the phishing site that facilitated these thefts, said Christopher Durand, deputy chief of France’s cyber-crime authority. Three others are accused of handling the advertising and money laundering aspects of the scam. All five suspects are between the ages of 19 and 24 and hail from Paris, Caen, and Tours.
French authorities placed them in pre-trial detention on Monday, along with one suspect’s parents. The parents have since been released without prosecution.
Vigilante sleuth ZachXBT launched his own investigation into the matter in December 2022. He published an independent report on August 8, 2022, naming the suspects and laying out his extensive research. “I had been tracking the phishing scammers charged months prior to my article,” ZachXBT told Artnet News over Twitter. The French government opened their case on August 23, 2022, in response to ZachXBT’s report.
According to ZachXBT, the shenanigans started on December 13, 2021, when scammers phished Bored Ape #237 from Twitter user Dilly Dilly, who clicked on a link shared in the BAYC Discord by a verified user offering to turn static Ape images into moving GIFs. “Once he approved the transaction, his BAYC was moved out of his wallet and into the hands of a scammer,” the report says.
The BAYC community quickly helped Dilly Dilly recover it—but not before the scammers could turn a profit. Soon after, they also claimed three more victims, snagging two NFTs from the Mutant Ape Yacht Club collection and one NFT from the hotly traded Doodles collection.
The generosity in this space vastly outweighs the malevolence and that is why I am still so convicted to be here. Surely, no one needed to sacrifice themselves for my mistakes and yet so many have come forth to lift me back up. I cherish you all. https://t.co/XuaYRR6Flt
— Dilly Dilly (@DillyDilly_eth) December 14, 2021
On January 2, 2022, Twitter user Tumolo lost BAYC #6166 after Twitter user “Exyt” convinced them to transact with “a similarly fraudulent BAYC animator website.” Exyt continued reaching out to other BAYC holders, seemingly targeting them for phishing attacks.
ZachXBT scoured the public, but anonymous, blockchain ledger and discovered the scammers sold both Apes on OpenSea immediately after their theft—for a total of $358,000 in crypto.
He also saw the scammers laundered the loot using Tornado Cash, a crypto-laundering tool recently banned by the SEC. However, they failed to make their withdrawals anonymous: a user named “mathys.eth” had pulled funds from Tornado Cash in amounts identical to those laundered.
Following still another scam in March 2022, ZachXBT scanned the source code behind their phishing site and found it attributed to a Telegram user named, fittingly, “mtscam.”
Further social media sleuthing then led ZachXBT to the ringleader: an 18 year old named Mathys, whose jewelry matched that shown in the mtscam Telegram profile picture. His accomplice, Camile, had bragged over Twitter about owning stolen NFTs. ZachXBT believes that French officials could uncover further thefts amounting to $871,000.
Web3 is rife with crime. An Immunefi report cited by Barrons found that nearly $14 million dollars worth of stolen BAYC NFTs have been traded over OpenSea so far. “BAYC is one of the most valuable NFT profile picture collections so it’s inevitable owners have become huge targets,” ZachXBT told Artnet News.
So far, white hat vigilantes like him have proven more efficient than the police. “There’s a huge learning curve that comes with it and also not many legal precedents,” the web sleuth remarked.” As the space matures over time that’ll likely change.”
While the authorities catch up, ZachXBT is accepting donations to fund equipment upgrades, future legal costs, and his labor.